Connectivity

Connecting to pgAdmin

There are a few ways to connect to your pgAdmin server. If you have access to kubectl in your Kubernetes environment, you can use port-forward to access the pgAdmin Pod directly. This works fine for testing, but for production deployments you might want to consider using a Kubernetes Service.

We recommend looking to the Kubernetes networking documentation for specifics around networking. Kubernetes provides many ways to handle networking and connections to your Pod that won't be covered here. We will walk through some basic setup that will get you connected to your pgAdmin interface.

Connecting directly to the Pod

You can use port-forward to connect to directly to the pgAdmin Pod. This will give you access to pgAdmin on your local machine through a browser.

When starting a port-forward to the pgAdmin Pod, you need to determine the name of the Pod for your PGAdmin deployment. You can do this by using kubectl get and selecting the Pod with the postgres-operator.crunchydata.com/pgadmin label. You can save the Pod name to the variable PGADMIN_POD to make it easier to reuse:

Bash:

export PGADMIN_POD=$(kubectl get pod -n postgres-operator --selector="postgres-operator.crunchydata.com/pgadmin=rhino" -o name)

Powershell:

$env:PGADMIN_POD=$(kubectl get pod -n postgres-operator --selector="postgres-operator.crunchydata.com/pgadmin=rhino" -o name)

Once you've identified your pgAdmin Pod, you can port-forward to it directly:

Bash:

kubectl port-forward -n postgres-operator ${PGADMIN_POD} 5050:5050

Powershell:

kubectl port-forward -n postgres-operator ${env:PGADMIN_POD} 5050:5050

Once the connection is established, you can connect over the port-forward.

Connecting through a Service

You also have the option to create a Service to connect. If you are using a Service, the easiest way to connect is to start a port-forward connection that points to that Service. In this case you only need to know the name of the Service.

kubectl port-forward service/$MY_SERVER 5050:5050

Where $MY_SERVER is name of the Service.

Once the connection is established, you can connect over the port-forward. This is a good way to test that your Service is working correctly.

However, it still might not be your preferred connection method in production. For alternative methods, reference the Kubernetes documentation or our OpenShift Route documentation.

Connecting through an OpenShift Route

An OpenShift Route is one way to accomplish application hosting at a public URL when using OpenShift. While the possibilities for configuration are extensive, a simple HTTP connection can be accomplished with a few simple steps. First, assuming you have a Service defined named my-service (see Creating a Service for more details), you could define a Route as follows:

apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: hello-pgadmin
spec:
  host: hello-pgadmin.$INGRESS_DOMAIN
  port:
    targetPort: pgadmin-port
  to:
    kind: Service
    name: my-service

where $INGRESS_DOMAIN is the default Ingress domain name. One way to easily get that value is by using

oc get ingresses.config/cluster -o jsonpath='{.spec.domain}'

After creating this Route, in a web browser navigate to http://hello-pgadmin.$INGRESS_DOMAIN and login to pgAdmin using a defined user.

Creating a Service

With the PGAdmin API you have two options for creating a Service. You can either provide a ServiceName in your PGAdmin manifest to create a ClusterIP Service or you can manually create a Service as part of your deployment.

Creating a ClusterIP Service with PGAdmin API

CPK provides the ability to create a ClusterIP Service that points to your pgAdmin Pod. You can configure this by providing a name in the spec.ServiceName field.

spec:
  serviceName: "my-service"

Warning

If the Service you provide through serviceName already exists in your environment and is not owned by CPK, CPK will not take ownership of that Service.

CPK will create a ClusterIP Service using the name that you provide. This Service will be configured to point to the pgAdmin web server and will be owned by your PGAdmin custom resource and labeled like any other PGAdmin resource.

After the Service is created, you can make some adjustments to the Service, like adding labels or annotations. If you need further adjustments, we recommend manually creating a service that meets your needs.

Creating a Service manually

If you need to modify your ClusterIP Service, or you require other Service types (like LoadBalancer or NodePort Services), you have the ability to create your own Service and point it at pgAdmin.

Whichever type of Service you create will need to point to the pgAdmin Pod and port. This is done by setting the selector and port fields on the Service.

In the example below we are pointing to the Pod for PGAdmin my-pgadmin using the postgres-operator.crunchydata.com/pgadmin: my-pgadmin label. We also configure the service to point to port 5050, the default port for pgAdmin.

Additional configuration will depend on your Kubernetes environment and the available networking options. You can reference the Kubernetes Service documentation for information on types of Services.

In our example we will assume you have a Kubernetes cluster that supports the NodePort Service type and that NodePort 30050 is allowed in your cluster. You can create the following Service that will point to pgAdmin:

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: NodePort
  ports:
  - name: pgadmin-port
    port: 5050
    protocol: TCP
    nodePort: 30050
  selector:
    postgres-operator.crunchydata.com/pgadmin: my-pgadmin

Once the NodePort Service is created you will be able to connect to pgAdmin on the node where your Kubernetes cluster is running.

Configuring TLS connections to pgAdmin